my application ( C#+SQL server) is running on the shared hosting. However, someone is able to access the database without permit. The connection string in the Web.config file, it had also been encrupted. Based on the above the senario, I have the following questions:

And you need to provide more details of how the person is able to access the database. Using your application? Using SQL Server Management Studio? Something else?
–
JohnLSep 21 '11 at 12:56

Point 1 is a question that should be asked to your hosting company.
–
Ira RaineySep 21 '11 at 13:00

They decrypted the connectionstring and find the database location, username and password there.
–
AcubiSep 21 '11 at 13:04

How do you know somebody has access to your database? If you have data that you really need to protect, shared hosting isn't what you should be using, because you cannot limit who can access the content.
–
RamhoundSep 21 '11 at 13:08